Network Security Snort-Signatures

Re: [Snort-sigs] Rebuilding snort server and sensors

Subject: Re: [Snort-sigs] Rebuilding snort server and sensors
Date: Tue, 25 Oct 2005 15:50:06 -0400

RedHat is terrible for this, they ship all utils you may need for installing another package.


Debian is pretty good though, if you do a minimal install it's pretty much minimal with a shell and apt-get tool to install what's needed.

I guess gentoo would be a good choice too if you want to go with sources and all that waiting for compilation. :)




Thompson, Jimi wrote:
Item #1 – RH9 is obsolete. You may not be able to harden the OS sufficiently to do what you need to do safely.

Item #2 – RH, unless you go to a lot of extra trouble, tends to install a lot of things that really aren’t ideal on any server, much less one being used as a security appliance.

Item #3 – The BSDs do a much better job of only installing what’s necessary to bring the box up (i.e. kernel and necessary bits of the OS).



When I’m setting up a box to be used as a security appliance, I make sure that I have the latest versions of everything, unless they have some known issue that makes them undesirable. I also make sure that anything I can build from source, I do so since I prefer to do custom configs instead of pre-installed packages. I also don’t like having to either go in and uninstall a bunch of crap or spend a lot of valuable time configuring the OS installer in the first place. When I first bring a box up, the ONLY thing I want is a blinking command prompt. I really don’t care about a GUI, games, web server, etc. If I want them, I will install them. The FIRST rule of security is that if it’s not installed, it’s not a problem.



Just my 2 cents….



Thanks,



Ms. Jimi Thompson

Manager of Web Operations

SMU Cox School of Business



If computers get too powerful, we can organize them into a committee -- that will do them in. -- Bradley's Bromide

------------------------------------------------------------------------

*From:* snort-sigs-admin@lists.sourceforge.net [mailto:snort-sigs-admin@lists.sourceforge.net] *On Behalf Of *Murali Raju
*Sent:* Monday, October 24, 2005 7:05 AM
*To:* Michael Mulholland
*Cc:* Snort-sigs@lists.sourceforge.net
*Subject:* Re: [Snort-sigs] Rebuilding snort server and sensors




1. Linux - if you want to use the libpcap that employs a shared mem ring buffer (http://public.lanl.gov/cpw/)..
2. FreeBSD - with device_polling configured can help speed up packet capturing in addition to speed and stability...
3. OpenBSD - lean with many security features, including the new heap protection and other defense against ICMP based attacks available on release 3.8....the de facto for security appliances in my opinion.


I use and prefer the BSDs over Linux any day...

Cheers,

_Raju

On 10/24/05, *Michael Mulholland* <Michael.Mulholland@dfpni.gov.uk> wrote:





folks

i'm intent on rebuilding our existing snort setup from RH9 and was
wondering what platform you'd recommend

thanks

michael mulholland






-------------------------------------------------------
This SF.Net email is sponsored by the JBoss Inc.
Get Certified Today * Register for a JBoss Training Course
Free Certification Exam for All Training Attendees Through End of 2005
Visit http://www.jboss.com/services/certification for more information
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net <mailto:Snort-sigs@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/snort-sigs




-- May the packets be with you.



